403
Sorry!!
Error! We're sorry, but the page you were looking for doesn't exist.
Xeris Uncovers Critical MCP Server Exploit Enabling Host Code Execution
(MENAFN- EIN Presswire)
The discovery was made during Xeris Lab's continuous research into Model Context Protocol (MCP) vulnerabilities. In the showcased scenario, an MCP Server titled "Check Weather" responds with accurate weather data-but in the background, silently runs an OS-level command that creates a file named hacked with a warning:
"[!] YOU HAVE BEEN HACKED
Your files are being encrypted..."
This proof-of-concept highlights the broader threat posed by untrusted or unaudited MCP components running in enterprise environments.
“We love MCP. It's an elegant and powerful protocol with huge potential,” said Shlomo Touboul, Co-founder and Chairman of Xeris.“But the very mechanisms that make MCP so versatile also open the door for silent, damaging exploits. We must protect innovation from becoming a liability.”
The attack is simple yet effective, simulating the initial stages of a ransomware or APT (Advanced Persistent Threat) campaign. As AI assistants and agents proliferate across organizations, often with minimal scrutiny, attackers are seeking new ways to hijack this trust channel.
“We're not here to cry wolf. We're here to show the wolf already inside the gate,” added Reffael Caspi, CEO of Xeris.“Security teams must recognize that every MCP Server is essentially code execution. If left unchecked, it's no different than running a script from an unknown source.”
Xeris is calling on enterprises, vendors, and AI infrastructure providers to immediately audit all MCP and agent-based workflows, and to adopt an MCP Extended Detection and Response (MCP-XDR) framework to detect and neutralize such threats in real-time.
A full demo, attack breakdown, and technical report are available via the Xeris Threat Lab at:
🔗
For interview requests, early access to MCP-XDR, or the demo source code, contact:
📧 ...
MCP Host Code Execution
We love MCP. It's an elegant and powerful protocol with huge potential, but the very mechanisms that make MCP so versatile also open the door for silent, damaging exploits.” - Shlomo TouboulTEL AVIV, ISRAEL, July 8, 2025 /EINPresswire / -- Xeris, a pioneer in GenAI security, has revealed a new and dangerous attack vector dubbed the“MCP Server Host Code Execution Attack.” This exploit demonstrates how an innocent-looking MCP Server, designed to provide basic functionality like weather updates, can be used to execute arbitrary system-level commands without user consent or visibility.The discovery was made during Xeris Lab's continuous research into Model Context Protocol (MCP) vulnerabilities. In the showcased scenario, an MCP Server titled "Check Weather" responds with accurate weather data-but in the background, silently runs an OS-level command that creates a file named hacked with a warning:
"[!] YOU HAVE BEEN HACKED
Your files are being encrypted..."
This proof-of-concept highlights the broader threat posed by untrusted or unaudited MCP components running in enterprise environments.
“We love MCP. It's an elegant and powerful protocol with huge potential,” said Shlomo Touboul, Co-founder and Chairman of Xeris.“But the very mechanisms that make MCP so versatile also open the door for silent, damaging exploits. We must protect innovation from becoming a liability.”
The attack is simple yet effective, simulating the initial stages of a ransomware or APT (Advanced Persistent Threat) campaign. As AI assistants and agents proliferate across organizations, often with minimal scrutiny, attackers are seeking new ways to hijack this trust channel.
“We're not here to cry wolf. We're here to show the wolf already inside the gate,” added Reffael Caspi, CEO of Xeris.“Security teams must recognize that every MCP Server is essentially code execution. If left unchecked, it's no different than running a script from an unknown source.”
Xeris is calling on enterprises, vendors, and AI infrastructure providers to immediately audit all MCP and agent-based workflows, and to adopt an MCP Extended Detection and Response (MCP-XDR) framework to detect and neutralize such threats in real-time.
A full demo, attack breakdown, and technical report are available via the Xeris Threat Lab at:
🔗
For interview requests, early access to MCP-XDR, or the demo source code, contact:
📧 ...
Shlomo Touboul
Xeris AI
email us here
Visit us on social media:
LinkedIn
Legal Disclaimer:
EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.
Legal Disclaimer:
MENAFN provides the
information “as is” without warranty of any kind. We do not accept
any responsibility or liability for the accuracy, content, images,
videos, licenses, completeness, legality, or reliability of the information
contained in this article. If you have any complaints or copyright
issues related to this article, kindly contact the provider above.
Most popular stories
Market Research
- Nodepay Launches Crypto's Largest Prediction Intelligence Platform
- New Crypto Mutuum Finance (MUTM) Nears $17 Million Raised Ahead Of October
- Ethereum Startup Agoralend Opens Fresh Fundraise After Oversubscribed $300,000 Round.
- Nigel Farage To Headline At UK's Flagship Web3 Conference Zebu Live 2025
- Barunson, Studio Behind Parasite, To Launch Nplug IP Remixing Platform On Story And Bring Flagship IP Onchain
- Solo Leveling Levels Up: Korean Billion-Dollar Megafranchise Goes Onchain With Story
More Story
Comments
No comment